Earlier this evening (Eastern Time) the Web sites for Microsoft UK, Microsoft Saudi Arabia and Microsoft Mexico were defaced by the
group Prime Suspectz. This makes 9 times a Microsoft Web site has been defaced including other Microsoft global sites in
Brazil and Slovenia.

Last month (April 2001) we had claimed that the Microsoft Greece Web site was defaced twice, first by Prime Suspectz and
later by World of Hell (WoH). We were later informed that the domain www.microsoft.com.gr was owned by a man in Greece not by
Microsoft and further research led to the true Microsoft Hellas (Greece) Web site at: http://www.microsoft.com/hellas/.

While these 3 Microsoft Web sites and the previous NEC USA Web sites have all been running Windows 2000 and IIS 5.0, we
will not say they are using the exploit (jill.c) for the recent IIS hole discovered by eEye until we have confirmation from
the defacers themselves. Please do not ask - we will post something when we know.

ABOUT PRIME SUSPECTZ and OTHER GROUPS

Prime Suspectz is a group known for their regular campaign against Web sites of large multinational corporations including
NEC USA (a short time ago) Nike Brazil, Panasonic Italy, BMW France, Chevrolet Argentina, Samsung South Africa, Nintendo Spain
and many more. See our previous commentary on high profile foreign defacements for a full list - http://www.attrition.org/security/commentary/hp-foreign-01.html

Prime Suspectz isn't the only group defacing high profile foreign sites. So far this year, sites for Canon Greece, Canon
Turkey, and Xerox India have also been defaced. We expect to see this trend continue until these companies work to secure
their global Web sites as well or better than their flagship portals.